On Thu, Oct 4, 2012 at 12:25 PM, Daniel Borkmann <[email protected]> wrote:
> On Thu, Oct 4, 2012 at 12:22 PM, Daniel Borkmann <[email protected]> wrote:
>> On Thu, Oct 4, 2012 at 1:49 AM, TOoSmOotH <[email protected]> wrote:
>>> Is it possible to index PCAP as it writes it to disk? I really like
>>> netsniff-ng as it scales well with high traffic but the downside to that is
>>> a lot of pcap. This means searching through the pcap takes a long time
>>> especially when there are lots of writes going on.
>>
>> Thanks for using netsniff-ng!
>>
>> Currently, there is no such feature built in. I agree that on huge
>> pcap files, searching through them might be a bit of a pain, even in
>> the case of an efficient BPF filter for offline analysis. There is such
>> a thing as pcapIndex [1], but from what I know it seems to be patented.
>>
>> [1] http://www.sigcomm.org/node/3230
>
> Let me think about it, and maybe in the short- to mid-term future we will
> come up with a solution.

For now, maybe https://github.com/taterhead/PCAP-Index can be of help for you.
